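/**
 * Determines if a given Reason user has a given privilege
 *
 * Note: This function is *fast*. Results are memoised per (user, privilege)
 * in a static cache for the lifetime of the request, so there's no need to
 * carefully store and pass around its results -- just call it again.
 *
 * Privileges:
 * - add
 *   - The privilege to create new (pending) entities.
 * - edit_pending
 *   - The privilege to edit pending entities
 * - delete_pending
 *   - The privilege to delete pending entities (e.g. mark them as "deleted")
 * - edit
 *   - The privilege to edit live entities
 * - delete
 *   - The privilege to delete live entities (e.g. mark them as "deleted")
 * - publish
 *   - The privilege to publish entities (e.g. change their state from pending to live)
 * - borrow
 *   - The privilege to borrow entities from other sites
 * - expunge
 *   - The privilege to expunge deleted entities from the Reason database (That is, remove them forever)
 * - duplicate
 *   - The privilege to duplicate entities (By default, limited to admins as of 3/08, as this is an experimental feature of Reason)
 * - edit_html
 *   - The privilege to switch between WYSIWYG view and HTML view in the HTML editor
 * - switch_theme
 *   - The privilege to change the site's theme (if the site's theme is not locked by an administrator)
 * - pose_as_other_user
 *   - The privilege to interact with the Reason administrative interface as if they were someone else. NOTE: This is a *very* powerful privilege, as it amounts to superuser rights!
 * - assign_any_page_type
 *   - The privilege to choose from all Reason page types, rather than a select few
 * - edit_head_items
 *   - The privilege to insert arbitrary HTML into the page head (css, scripts, meta tags, etc.)
 * - edit_unique_names
 *   - The privilege to give Reason entities unique names. This is necessary for creating sites and types.
 * - edit_fragile_slugs
 *   - The privilege to modify a slug that may cause broken links if changed (e.g. publication feed URL slugs)
 * - edit_home_page_nav_link
 *   - The privilege to insert a custom link to site home pages in the navigation (instead of the standard "Sitename Home")
 * - edit_form_advanced_options
 *   - The privilege to edit advanced options in the thor form content manager
 * - manage_allowable_relationships
 *   - The privilege to modify, create, and delete the set of relationships that can be made between Reason entities. NOTE: This is very powerful, and should only be given to highly trustworthy individuals
 * - view_sensitive_data
 *   - The privilege to view any data in Reason (like a fulltext search of the entire Reason db)
 * - manage_integration_settings
 *   - The privilege to modify or override foreign keys and other values in Reason that pertain to integration with external data sources
 * - edit_raw_ldap_filters
 *   - The privilege to write full LDAP filters/queries (e.g. in the construction of dynamic groups)
 * - upload_full_size_image
 *   - The privilege to keep images from being resized upon upload, thereby retaining their original dimensions
 * - upgrade
 *   - The privilege to run Reason's upgrade scripts
 * - db_maintenance
 *   - The privilege to run standard database cleanup and sanity-checking scripts
 * - update_urls
 *   - The privilege to run Reason's .htaccess regeneration script
 * - bypass_locks
 *   - The privilege to edit any locked field or relationship
 * - manage_locks
 *   - The privilege to edit any locked field or relationship (NOTE(review): description is identical to bypass_locks -- confirm the intended distinction)
 * - customize_all_themes
 *   - The privilege to customize any site's theme
 *
 * @param int $user_id The Reason entity id of the user
 * @param string $privilege One of the privilege names listed above
 * @return bool true if the user has the privilege, false if not
 */
function reason_user_has_privs($user_id, $privilege)
{
    $user_id = (int) $user_id;
    // No user id (0 after the cast) can never hold a privilege: fail closed.
    if (empty($user_id)) {
        return false;
    }

    // Per-request memo: $privs_cache[user id][privilege name] => bool.
    static $privs_cache = array();

    // Fix: the original tested an undefined variable ($cache instead of $privs_cache),
    // so the cache was never hit and roles were re-fetched on every call. Consult the
    // cache for this exact (user, privilege) pair before doing any lookups.
    if (isset($privs_cache[$user_id][$privilege])) {
        return $privs_cache[$user_id][$privilege];
    }

    // Roles are only needed on a cache miss; fetching them here also guarantees
    // $roles is always defined before the loop below.
    $roles = reason_user_roles($user_id); // assumed to return an array of role names -- TODO confirm
    $privs = reason_get_privs_table();     // assumed: role name => array of privilege names -- TODO confirm

    foreach ($roles as $role) {
        // Strict comparison: loose in_array() would let a non-string $privilege match
        // unrelated role entries under pre-PHP-8 comparison rules.
        if (isset($privs[$role]) && in_array($privilege, $privs[$role], true)) {
            return $privs_cache[$user_id][$privilege] = true;
        }
    }

    return $privs_cache[$user_id][$privilege] = false;
}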
/**
 * Can a given user edit at least one field or relationship
 * of this entity?
 *
 * The answer is memoised in a static cache keyed by (question, entity id,
 * user id) for the lifetime of the request; it is never invalidated within
 * the request, so a change of roles or site membership mid-request will not
 * be reflected by later calls.
 *
 * @param mixed $user user entity or null for currently logged-in user
 * @param string $fields_or_rels limit question to just fields or just relationships -- 'all', 'fields', or 'relationships'
 * @return boolean
 */
public function user_can_edit($user = null, $fields_or_rels = 'all')
{
    // One sub-cache per accepted value of $fields_or_rels; the key set doubles
    // as the list of valid values for the second parameter.
    static $cache = array('all' => array(), 'fields' => array(), 'relationships' => array());

    if (!isset($cache[$fields_or_rels])) {
        trigger_error('2nd parameter of user_can_edit must be one of: "' . implode('", "', array_keys($cache)) . '". Given "' . $fields_or_rels . '"; setting to "all".');
        $fields_or_rels = 'all';
    }

    if (null === $user) {
        $user = $this->_get_current_user();
    }
    // Nobody logged in (or the lookup failed): deny. Fail closed.
    if (empty($user)) {
        return false;
    }

    $entity_id = $this->_entity->id();
    $user_id = $user->id();

    if (isset($cache[$fields_or_rels][$entity_id][$user_id])) {
        return $cache[$fields_or_rels][$entity_id][$user_id];
    }
    if (!isset($cache[$fields_or_rels][$entity_id])) {
        $cache[$fields_or_rels][$entity_id] = array();
    }

    // Two independent gates must both pass: the user's roles must be able to
    // edit this kind of thing at all, AND the user must be allowed to edit the
    // site that owns the entity.
    $can_edit = false;
    if ($this->_one_of_roles_could_edit(reason_user_roles($user_id), $fields_or_rels)) {
        $owner = $this->_entity->get_owner(); // assumed to return an entity with id() -- TODO confirm it cannot be null
        $can_edit = (bool) user_can_edit_site($user_id, $owner->id());
    }

    $cache[$fields_or_rels][$entity_id][$user_id] = $can_edit;
    return $can_edit;
}